Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Coalition of information-sharing groups warns of cyber, physical attacks

A joint advisory says Iran-linked groups are targeting U.S. critical infrastructure using DDoS, phishing and other retaliatory techniques.

Published March 12, 2026
David Jones's headshot
Reporter
The Strait of Hormuz shown by a satellite image in 2020, with the Persian Gulf and Gulf of Oman on each side.
The Strait of Hormuz between Oman and Iran shown by satellite in 2020. A coalition of threat sharing groups warn that state-linked and hacktivist groups are ramping up cyberattacks against critical infrastructure in the U.S. Retrieved from NASA's Moderate Resolution Imaging Spectroradiometer.

A coalition of threat information groups on Wednesday warned that the U.S. and Israeli bombing campaign has led to increased risk of retaliatory cyberattacks from Iran-linked actors as well as physical attacks from violent extremists. 

The coalition, led by the Food and Agriculture Information Sharing and Analysis Center and the Information Technology-ISAC, warned that state-sponsored groups, hacktivists and criminal groups are likely to target critical infrastructure sites in the U.S. using various tactics, including spear-phishing or stolen credentials.

“Iranian actors have formidable capabilities and tend to be more active during times of geopolitical conflict,” Scott Algeier, executive director of IT-ISAC, told Cybersecurity Dive.

The goal of the advisory is to help bridge the gap in intelligence between what the government issues and the collective resources of the various ISAC groups. Ten information-sharing groups participated in the joint advisory, including Health-ISAC, WaterISAC, National Defense ISAC and others.

Information security teams are being urged to take precautionary measures, monitor for anomalous activity, back up data, enable multifactor authentication and prepare for incident response. 

The warning comes amid confirmed attacks claimed by pro-Iran hacktivists and some groups linked to the Iranian regime. 

Several U.S. companies have been targeted for attack in recent weeks by either hacktivist groups or state-linked threat actors. 

On Wednesday, medical device maker Stryker was the target of a suspected wiper attack that disrupted its Microsoft environment. 

A state-backed threat actor tracked as Seedworm or MuddyWater installed malicious backdoors on the networks of several U.S. companies dating back to early February, according to researchers at Symantec and Carbon Black

The advisory also references specific attacks since early March, including a DDoS attack from the pro-Russia hacktivist NoName057 (16) targeting Israeli organizations on March 4. 

The coalition also warns that government-backed sleeper cells, lone wolf sympathizers and others may engage in physical attacks related to the conflict. At least two clerics in Iran have issued fatwas, or religious edicts, for Muslims to take revenge for the killing of Iran’s former Supreme Leader Ali Khamenei at the beginning of the bombing campaign.

Filed Under: Threats

Editors' picks

  • An American flag and a flag bearing the seal of the Cybersecurity and Infrastructure Security Agency (which features an eagle holding a shield with elements of a skyline on it) flank a large upright square panel bearing the same CISA seal. On the wall to the right of the panel and the flags, a row of digital clocks shows the time in the four major U.S. time zones.
    Image attribution tooltip
    Eric Geller/Cybersecurity Dive
    Image attribution tooltip

    Layoffs, reassignments further deplete CISA

    Some CISA staffers have been pushed out, while others are being told to move across the country for jobs outside their skill sets.

    By Eric Geller • Oct. 14, 2025
  • A banner bearing the eagle-and-shield logo of the Cybersecurity and Infrastructure Security Agency and reading "America's Cyber Defense Agency" hangs over a conference booth that contains chairs, posters, speakers, and plants.
    Image attribution tooltip
    CISA. (2024). Retrieved from Flickr.
    Image attribution tooltip

    CISA loses nearly all top officials as purge continues

    Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign.

    By Eric Geller • May 27, 2025

Company Announcements

View all | Post a press release
Teqtivity Analysis: Ghost Assets Are the Breach Your Security Stack Can’t Stop
From Teqtivity
March 04, 2026
Teqtivity logo
CyberFOX Named a 2026 Best Place to Work by the Tampa Bay Business Journal
From CyberFOX
February 24, 2026
CyberFOX logo
AU10TIX Enters a New Phase to Support Enterprises Navigating Risk and Regulatory Complexity
From AU10TIX
February 25, 2026
AU10TIX logo
Editors' picks
  • An American flag and a flag bearing the seal of the Cybersecurity and Infrastructure Security Agency (which features an eagle holding a shield with elements of a skyline on it) flank a large upright square panel bearing the same CISA seal. On the wall to the right of the panel and the flags, a row of digital clocks shows the time in the four major U.S. time zones.
    Image attribution tooltip
    Eric Geller/Cybersecurity Dive
    Image attribution tooltip

    Layoffs, reassignments further deplete CISA

    Some CISA staffers have been pushed out, while others are being told to move across the country for jobs outside their skill sets.

    By Eric Geller • Oct. 14, 2025
  • A banner bearing the eagle-and-shield logo of the Cybersecurity and Infrastructure Security Agency and reading "America's Cyber Defense Agency" hangs over a conference booth that contains chairs, posters, speakers, and plants.
    Image attribution tooltip
    CISA. (2024). Retrieved from Flickr.
    Image attribution tooltip

    CISA loses nearly all top officials as purge continues

    Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign.

    By Eric Geller • May 27, 2025
Latest in Threats
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell